
Using ISO/IEC 24727 for mobile devices

Jan Eichholz, Giesecke & Devrient GmbH
Dr. Detlef Hühnlein, secunet Security Networks AG
Manuel Bach,

(2)

ISO/IEC 24727 for mobile devices

Agenda

- ISO/IEC 24727
- Using ISO/IEC 24727 for mobile devices
  - with Mobile Signature Service
  - in a Java Micro Edition environment

(3)

Section: ISO/IEC 24727

(4)
(5)

Functions of the ISO/IEC 24727-3 interface

- Card-application-service access: Initialize, Terminate, CardApplicationPath
- Connection service: CardApplicationConnect, CardApplicationDisconnect, CardApplicationStartSession, CardApplicationEndSession
- Card-application service: CardApplicationList, CardApplicationCreate, CardApplicationDelete, CardApplicationServiceList, CardApplicationServiceCreate, CardApplicationServiceLoad, CardApplicationServiceDelete, CardApplicationServiceDescribe, ExecuteAction
- Named data service: DataSetList, DataSetDelete, DSIList, DSICreate, DSIDelete, DSIRead, DSIWrite
- Cryptographic service: Encipher, Decipher, GetRandom, Hash, Sign, VerifySignature, VerifyCertificate
- Differential-identity service: DIDList, DIDCreate, DIDGet, DIDUpdate, DIDDelete, DIDAuthenticate
- Authorization service

(6)

First ISO/IEC 24727 deployments

- e.g. Australian Drivers License
- e.g. Personal Identity Verification (PIV)
- e.g. European Citizen Card (ECC)

(7)

eCard-API-Framework (BSI TR 03112, http://www.bsi.de/literat/tr/tr03112/index.htm)

(8)

eCard-API-Framework ≈ ISO/IEC 24727 + OASIS DSS (-X)

[Figure: eID applications layered on ISO/IEC 24727 (CEN 15480) and OASIS DSS (-X)]

(9)

Loyal Stack

[Figure: stack with the HBA (health professional card)]

(10)

Remote Loyal Stack (Internet Pharmacy)

[Figure: remote stack with the eGK (electronic health card)]

(11)

Remote Loyal & ICC Stack (Citizen Services with mEAC)

[Figure: Citizen Service and Browser, each with a Service-Access-Layer and a Terminal-Layer, connected via mEAC]

(12)

Section: Using ISO/IEC 24727 for mobile devices with Mobile Signature Service

(13)

Mobile Signature Service

- Specifies Web Service interfaces between
  - Application Providers (AP) and
  - Mobile Signature Service Providers (MSSP)
  which allow digital signatures to be created with mobile devices
- Standardized by ETSI
  - TR 102 203 (Business & Functional Requirements)

(14)
(15)

Mapping ISO/IEC 24727-3 to ETSI 102204

| [ETSI-102204] | [ISO24727] Part 3 | Note |
|---|---|---|
| MSS_HandshakeReq | CardApplicationStartSession / CardApplicationPath | Using this function the AP and the MSSP agree on security mechanisms for further requests and responses. Besides path information for regular card-applications, CardApplicationPath will also return a path to the "virtual card-application" for [ETSI-102204]. |
| MSS_RegistrationReq | DIDCreate / DIDUpdate | The keys of the mobile users are represented as Differential Identities (DIDs). Consequently, the creation of a DID corresponds to the registration of a user. |
| MSS_ProfileReq / MSS_StatusReq | DIDGet | DIDGet is used to obtain information about a user profile and the status of a current transaction. |
| MSS_SignatureReq | DIDAuthenticate | Using the signing capability of the mobile device it is possible to design a challenge-response protocol for authentication. |
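The mapping above can be read as an adapter: each MSS request of the application provider is served by one ISO/IEC 24727-3 function on the MSSP side, and MSS_SignatureReq/DIDAuthenticate yields a challenge-response authentication. The following Python model is an added example and not code from the presentation, from G&D, secunet or ETSI. It assumes constructed method names mirroring the table, a toy RSA key (p=61, q=53) so the arithmetic stays visible, and it models the two sides as plain objects rather than Web Service calls. It also shows what the slide's note leaves implicit on the AP side: the challenge must be fresh and bound to the AP, and a replayed response must be rejected.

```python
"""Model of the ETSI MSS <-> ISO/IEC 24727-3 mapping (added example)."""
import hashlib
import secrets
from dataclasses import dataclass, field

# Toy RSA parameters, constructed for this example only (p=61, q=53, e=17).
# A real MSSP uses proper key sizes; the bijection property of RSA is all
# the example relies on.
TOY_P, TOY_Q, TOY_E = 61, 53, 17


def toy_keypair():
    """Return ((n, e), (n, d)) for the toy parameters."""
    n = TOY_P * TOY_Q
    phi = (TOY_P - 1) * (TOY_Q - 1)
    d = pow(TOY_E, -1, phi)
    return (n, TOY_E), (n, d)


def toy_sign(priv, data: bytes) -> int:
    """Hash-then-sign: SHA-256 reduced mod n, raised to d."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)


def toy_verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h


@dataclass
class MobileSignatureServiceProvider:
    """MSSP side: the 'virtual card-application' holding the users' DIDs."""
    dids: dict = field(default_factory=dict)     # DID name -> (pub, priv)
    sessions: set = field(default_factory=set)

    def card_application_start_session(self, ap_id: str) -> str:
        """MSS_HandshakeReq -> CardApplicationStartSession: issue a session token."""
        token = secrets.token_hex(8)
        self.sessions.add(token)
        return token

    def did_create(self, session: str, did_name: str):
        """MSS_RegistrationReq -> DIDCreate: registering a user is creating a DID."""
        self._check(session)
        self.dids[did_name] = toy_keypair()
        return self.dids[did_name][0]            # public part only

    def did_get(self, session: str, did_name: str) -> dict:
        """MSS_ProfileReq -> DIDGet: profile information, never the private key."""
        self._check(session)
        pub, _ = self.dids[did_name]
        return {"name": did_name, "public_key": pub}

    def did_authenticate(self, session: str, did_name: str, challenge: bytes) -> int:
        """MSS_SignatureReq -> DIDAuthenticate: sign the AP's challenge."""
        self._check(session)
        _, priv = self.dids[did_name]
        return toy_sign(priv, challenge)

    def _check(self, session: str) -> None:
        # Every request after the handshake must carry a valid session.
        if session not in self.sessions:
            raise PermissionError("no CardApplicationStartSession for this request")


class ApplicationProvider:
    """AP side: drives the handshake, registration and challenge-response."""

    def __init__(self, mssp: MobileSignatureServiceProvider, ap_id: str = "ap.example"):
        self.mssp = mssp
        self.ap_id = ap_id                        # constructed identifier
        self.session = mssp.card_application_start_session(ap_id)
        self.used_challenges = set()

    def register(self, did_name: str):
        return self.mssp.did_create(self.session, did_name)

    def authenticate(self, did_name: str) -> bool:
        """Challenge-response: fresh nonce bound to the AP identity."""
        challenge = self.ap_id.encode() + b"|" + secrets.token_bytes(16)
        sig = self.mssp.did_authenticate(self.session, did_name, challenge)
        return self.check_response(did_name, challenge, sig)

    def check_response(self, did_name: str, challenge: bytes, sig: int) -> bool:
        """Accept only a fresh, AP-bound challenge with a valid signature."""
        if challenge in self.used_challenges:               # replayed response
            return False
        if not challenge.startswith(self.ap_id.encode() + b"|"):
            return False                                    # not our challenge
        pub = self.mssp.did_get(self.session, did_name)["public_key"]
        if not toy_verify(pub, challenge, sig):
            return False
        self.used_challenges.add(challenge)
        return True


if __name__ == "__main__":
    mssp = MobileSignatureServiceProvider()
    ap = ApplicationProvider(mssp)
    ap.register("alice")
    print("authenticated:", ap.authenticate("alice"))
```

The replay set and the AP prefix in the challenge are the two checks that turn "the device can sign" into an authentication protocol; without them a captured MSS_SignatureResp could be presented again, or a signature obtained by another AP could be relayed.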

(16)

Section: Using ISO/IEC 24727 for mobile devices in a Java Micro Edition environment

(17)

Java™ Micro Edition (JME)

- Started in Japan in 1999
- Basic standards (MIDP 1.0 and CLDC 1.0) available since 2000
- First MIDP cell phones available since 2000 (e.g. Siemens SL45i)
- The Mobile Service Architecture defines a powerful platform
- Lots of additional APIs (SVG, M3G, MMAPI, BT, PIM, CHAPI, SIP, LOCATION, …)

(18)

JME Architecture

[Figure: Mobile Service Architecture (MSA) as umbrella JSR over the VM and basic APIs; SIM access, Crypto, PKI; XML, Web Services; UI, personal data, network, permissions]

(19)

Additional JSRs

[Figure: MSA and MSA Subset with WS, SATSA, CHAPI, LBS, 3D, SVG, PIM/FC, Obex, BT/WMA, MMAPI, AMS, SIP, I18N, Payment]

- Contactless Communication, JSR 257: NFC, ISO/IEC 14443 communication
- Service Connection, JSR 279: enhanced Web Services, SOAP, REST, Atom

(20)
(21)
(22)

Section: Summary

(23)

Summary

- ISO/IEC 24727 about to become the global eID-standard
- MSS-based integration possible with
  - arbitrary mobile devices,
  - but requires additional infrastructure services (MSSP)
- JME offers the necessary functionality to integrate mobile devices into the ISO/IEC 24727 infrastructure
- NFC will push forward to integrate contactless communications into mobile devices

(24)

Call for Papers - BIOSIG 2008: Biometric Border Control & Federated Identity Management
September 11/12, 2008, Darmstadt
Deadline: 15.05.2008

(25)

Thank you very much for your kind attention!

Contact:
Dr. Detlef Hühnlein
secunet Security Networks AG
[email protected]
